CN103761455B - File management system and method - Google Patents
File management system and method
- Publication number: CN103761455B
- Authority: CN (China)
- Prior art keywords: file, control, encryption, document, information
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- G06F2221/2107: File encryption
Abstract
The invention discloses a file management system and method. The file management system comprises an authentication device, a control device and a monitoring device. A first processor of the control device generates an encrypted file according to an original file and encrypted-file authentication information, stores the encrypted-file authentication information, which can decrypt the encrypted file, in the authentication device, and further sets file control information that is stored in the authentication device to control the conditions under which the encrypted file is used. A second processor of the monitoring device reads the encrypted-file authentication information and the file control information in the authentication device in order to use and control the encrypted file, and stores file usage information in the authentication device and the monitoring device for transmission back to the control device.
Description
Technical field
The present invention relates to a file management system and method, and more particularly to a system and method that manages files by means of encryption, restrictions on file usage rights, and file usage records.
Background
With the development of the Internet, transmitting electronic data has become increasingly convenient. Data can be sent over a network directly to any endpoint connected to that network, so it no longer has to be delivered to the other end by hand, and the time spent on round trips is greatly reduced. Transmitting data between endpoints over a network therefore has the advantage of being highly timely.
In addition, data can be sent over the network to a network drive and later downloaded from that drive and used from any place with network access. However, if someone with ill intent intercepts or steals the data while it is being downloaded from or uploaded to the network drive, the data leaks against the user's wishes; and when the user's computer or network drive is compromised by a network hacker, the important data stored on it is stolen as well.
Companies and enterprises generally store their data electronically on computers, and a considerable share of those files are confidential. If a company computer is attacked by hackers, the confidential files are stolen and confidential data leaks, causing the company losses that are immeasurable and hard to recover. Examples include the design drawings and parameters of the construction and circuit design industries, the program source code of the software design industry, the songs or advertising content of the cultural and creative industries, and the personal data held by the financial industry. If such file content leaks, the goodwill and image of the company or enterprise, and even its revenue, are severely affected.
Furthermore, because electronic data is easy to copy and networks are convenient, electronic data is easily transmitted over the network and leaked. Compared with traditional hard-copy data, a considerable volume of electronic data can be stored in a single easily carried storage device, whereas hard copies need a great deal of manpower and material resources to move. Electronic data can also be modified, read or copied remotely over the network, so it is easily stolen and leaked without anyone noticing, which makes it impossible to stop the leak or carry out damage control at the first opportunity.
In the prior art, data is encrypted with a password. After the data owner sends the encrypted data to a user, the owner must tell the user the password orally or by other means so that the user can use the encrypted data, which prevents unauthorized persons from stealing its content. With ordinary password encryption, however, the password has to be memorized, so it is usually not very complex and is therefore easy to crack. And once the encrypted data has been sent to the user, the user can use it freely after learning the password and can just as freely pass the password and the encrypted data on to a third party; if the data then leaks, it is hard to determine who is responsible.
Furthermore, once the owner of the encrypted data has sent it out and told the user the password, the owner can exercise no further control: the owner cannot stop the user from leaking the password and the data, and the data flows out. In addition, after using the encrypted data, the user can edit or change it and spread the modified data at will, propagating wrong information. If the user backs up the decrypted data on various hosts, third parties can freely view and use it, and the confidentiality of the data is lost. Consequently, confidential data that only certain persons are permitted to view and use cannot be delivered to users in this way, and so cannot benefit from the convenience brought by computers and the Internet boom. Moreover, after handing the encrypted data to a user, the owner not only cannot control where the encrypted data goes but also cannot control its timeliness, that is, cannot manage how long the data may be used. The existing way of using electronic data therefore needs further improvement.
Summary of the invention
In view of the shortcomings of the prior art described above, the main object of the present invention is to provide a file management system. The file management system protects files that need to be kept confidential, allows only authorized users to use them, and can further restrict how many times a user may use a file and whether the file content may be copied or transmitted, so as to monitor and control the file.
To achieve the above object, the technical means adopted by the present invention is a file management system that includes:
An authentication device, which is an electronic device with a storage area;
A control device, which includes a first processor; the first processor produces an encrypted file according to an original file and encrypted-file authentication information, is used to set file control rules, produces file control information according to the setting values of the file control rules, and stores the encrypted-file authentication information and the file control information in the authentication device;
A monitoring device, which includes a second processor; the second processor reads the encrypted-file authentication information and the file control information in the authentication device, performs an authentication comparison on the encrypted file using the encrypted-file authentication information stored in the authentication device, uses the encrypted file according to the file control rules of the file control information in the authentication device when the comparison result is identical, and prohibits use of the encrypted file when the result differs; and
Wherein the authentication device is selectively electrically connected to the control device or the monitoring device.
To achieve the above object, the present invention also adopts another technical means and provides a file management method that includes an encryption method and a decryption method;
Wherein the encryption method includes the following steps:
Confirm the file control rules;
Create the file control information;
Produce an encrypted file according to an original file and encrypted-file authentication information;
Confirm whether the authentication device is successfully electrically connected; if so, perform the next step; if not, confirm again whether the authentication device is successfully electrically connected; and
Store the encrypted-file authentication information and the file control information in the authentication device;
Wherein the decryption method includes the following steps:
Confirm whether the authentication device is successfully electrically connected; if so, perform the next step; if not, confirm again whether the authentication device is successfully electrically connected;
Perform an authentication comparison on the encrypted file using the encrypted-file authentication information stored in the authentication device; if the comparison result is identical, perform the next step; if not, end the decryption method; and
Use the encrypted file according to the file control rules.
The present invention protects the content of the encrypted file with a double protection mechanism. The first protection mechanism produces an encrypted file according to an original file and encrypted-file authentication information, and stores the encrypted-file authentication information in an authentication device. Once encrypted, the file can only be used through the authentication device that stores the encrypted-file authentication information: when the encrypted file is to be used, the encrypted-file authentication information in the authentication device determines whether the encrypted file can be decrypted and used. In other words, the first protection mechanism is a control directed at users who have not been permitted or authorized by the owner of the original file, so that they cannot use the encrypted file. The second protection mechanism sets file control rules to produce file control information and stores that file control information in the authentication device. When the encrypted file is used, its use is monitored and controlled according to the file control information stored in the authentication device, to ensure that a user permitted or authorized by the owner of the original file cannot steal the content of the encrypted file by copying, screen capture or network transmission, and so to prevent the content of the encrypted file from being misappropriated. In other words, the second protection mechanism is a control directed at users who are permitted or authorized by the owner of the original file: an authorized user remains subject to the file owner's control while using the encrypted file, so that the file is used in the way the file owner intends.
A file encrypted by the present invention needs the authentication device in order to be decrypted and used, and while the encrypted file is in use, its use is controlled by the file control information in the authentication device. With these two protection mechanisms, the encrypted file cannot be used or spread at will. A user who does not have the authentication device cannot use the encrypted file. So even if the file is intercepted or stolen in transit by someone with ill intent, that person cannot use it without the authentication device, which ensures that the data in the file does not flow out. While the encrypted file is being used with the authentication device, it can also be further monitored and controlled: prohibiting copying of the file, limiting the time the file may be used, limiting the number of times the file may be printed, adding a watermark when the file is used, adding a watermark when the file is printed, and prohibiting transmission of the file content over the network all further ensure the security of the encrypted file. In actual use, the encrypted file can be sent to the user directly over the network, so the user obtains it easily and there is no need to worry that it will leak by being stolen; the authentication device is delivered to the user by other means, such as by mail or in person, to ensure that the authorized person uses the encrypted file with the authentication device. And because the authentication device holds the file control information, which monitors and controls how the encrypted file is used, there is no need to worry that the encrypted file will be abused.
The present invention is described below with reference to the drawings and specific embodiments, which are not intended to limit the invention.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system architecture of a preferred embodiment of the present invention;
Fig. 2 is a system block diagram of a preferred embodiment of the present invention;
Fig. 3 is a flow chart of the encryption method of the present invention;
Fig. 4 is a flow chart of the decryption method of the present invention.
Reference numerals:
1 control device
10 first processor
11 authentication module
12 file encryption module
121 original file
122 encrypted file
13 control rule setting module
14 confidentiality level setting module
15 operation record logging module
16 file usage information query module
17 first network connection module
2 monitoring device
20 second processor
21 authentication device driver module
22 file decryption module
221 file control rule usage module
23 file usage information logging module
24 file control rule update module
25 second network connection module
30 authentication device
40 server
41 memory unit
42 operation information logging module
50 network
Detailed description
The technical means adopted by the present invention to achieve its intended object are further explained below with reference to the drawings and the preferred embodiments of the invention.
Referring to Fig. 1, the present invention is a file management system that includes a control device 1, a monitoring device 2, an authentication device 30 and a server 40. The authentication device 30 is an electronic device with a storage area. The server 40 has a memory unit 41 that stores a file control database. In this preferred embodiment, the control device 1 and the monitoring device 2 can each be a notebook computer, a desktop computer, a tablet PC or a smartphone. The authentication device 30 can be a USB flash drive, an eSATA flash drive, a device with wireless communication capability (for example, a mobile phone with Bluetooth, WiFi or infrared capability), or an identification card that can identify a person together with its card reader. For example, the identification card can be a natural-person identity certificate, an employee identification card or a registered EasyCard.
Referring to Fig. 2, the control device 1 includes a first processor 10, and the first processor 10 includes an authentication module 11, a file encryption module 12, a control rule setting module 13 and a first network connection module 17. In use, the authentication device 30 is first connected to the control device 1, and after use the authentication device 30 is disconnected from the control device 1. In this preferred embodiment, the authentication device can be connected to the control device or the monitoring device through a USB interface, a SATA interface, an eSATA interface, an IEEE 1394 interface, a PCMCIA interface, a wireless communication interface (such as WiFi, Bluetooth, infrared, NFC, ZigBee or Wireless USB) or a serial port interface (such as RS232, RS422 or RS485).
The authentication module 11 verifies a user account and password. When the user account and password are confirmed to be correct, the user is logged in to the control device 1 and can use the modules in the control device 1; when the user account and password are incorrect, login to the control device 1 is prohibited.
The file encryption module 12 produces an encrypted file 122 according to an original file 121 and encrypted-file authentication information, and stores the encrypted-file authentication information in the authentication device 30. In this preferred embodiment, the encrypted-file authentication information includes the decryption information needed to use the encrypted file 122 and the file digital fingerprint (such as MD5) needed to control the encrypted file 122.
The control rule setting module 13 is used to set file control rules. According to the setting values of the file control rules, it produces file control information, stores the file control information in the authentication device 30, and sends it through the first network connection module 17, over the network 50 or a wired connection, to the file control database of the server 40 for storage. The file control rules govern the conditions under which the user may use the file. In this preferred embodiment, the file control information includes the file user's name, the file name, the setting values of the file control rules, a backup link to the original file 121, the digital fingerprint (such as MD5) of the original file 121 and the creation time of the file control information.
In this preferred embodiment, the file control rules include: automatically adding a text and image watermark to the displayed result when the encrypted file 122 is used; automatically adding a text and image watermark to the printed result when the encrypted file 122 is printed; prohibiting printing of the encrypted file 122; prohibiting use of screen capture or screen recording functions to capture the content of the encrypted file 122; prohibiting copying or changing the content of the encrypted file 122; and prohibiting network transmission of the decrypted file content held in memory. For example, the rule that prohibits copying prohibits use of the cut, copy and paste functions of the clipboard; prohibits drag-and-drop copying; prohibits the Save As function; and prohibits copying the content by printing it to a file with a virtual printer. The watermark added when the encrypted file 122 is used prevents someone with ill intent from stealing the content of the encrypted file by photographing or filming the displayed result with any device that has a camera or video recording function.
In addition, the file control rules can further select whether to limit the number of times the encrypted file 122 may be used, the usage period of the encrypted file 122, the time of each use of the encrypted file 122, the total time the encrypted file 122 may be used, the number of times the encrypted file 122 may be printed, the time the authentication device 30 can use the encrypted file 122 each time, and the total time the authentication device 30 can use the encrypted file 122. For example, when the number of uses of a file is limited, the file is deleted automatically once the count reaches the upper limit. When the usage period of a file is limited, the file is deleted automatically once the usage period is reached. When the time of each use of a file is limited, the file is deleted automatically once that time is reached. When the total time a file may be used is limited, the file is deleted automatically once the total time is reached. When the time the authentication device 30 can use a file each time is limited, the file is closed automatically once that time is reached. When the total time the authentication device 30 can use files is limited, the authentication device 30 can no longer use any file once the total time is reached. And when the number of printings of a file is limited, the file is deleted automatically once the number of printings reaches the upper limit. In this preferred embodiment, a use action means the action of executing an executable file or the action of opening an ordinary file.
The first processor 10 of the control device 1 further includes a confidentiality level setting module 14, an operation record logging module 15 and a file usage information query module 16.
The confidentiality level setting module 14 creates confidentiality level information in the encrypted-file authentication information, so that an encrypted file 122 with that confidentiality level information becomes an encrypted file 122 with a confidentiality level. In actual use, when the owner of the original file 121 wants to authorize only certain specific users among all users (for example, some senior managers among all the employees of a company) to use the encrypted file 122, the owner must set the confidentiality level information, so that only a specific user who meets the confidentiality level can use the encrypted file 122 of that level, and the encrypted file 122 cannot be used by a user who does not have that confidentiality level.
The operation record logging module 15 records the user's operations on the control device 1 and produces operation information, which is sent through the first network connection module 17, over the network 50 or a wired connection, to the file control database of the server 40 for storage, so that an administrator can review the various file authorization actions through the operation records. In this preferred embodiment, the operation information includes the user account, the operation time, whether the encrypted file 122 has a confidentiality level, and the name of the recipient of the encrypted file 122.
The file usage information query module 16 queries file usage information so that the owner of the original file 121 can track how the encrypted file 122 is used. The file usage information query module 16 reads the file usage information from the server 40 or the authentication device 30. In this preferred embodiment, the file usage information includes the name of the encrypted file 122, the time of each use of the encrypted file 122, the time the encrypted file 122 was closed, and the number of times the encrypted file 122 has been used.
The monitoring device 2 includes a second processor 20, and the second processor 20 includes an authentication device driver module 21, a file decryption module 22 and a file control rule usage module 221. To use the encrypted file 122, the user must first electrically connect the authentication device 30 to the monitoring device 2, and when the user wants to stop using the encrypted file 122, the user disconnects the authentication device 30 from the monitoring device 2.
The authentication device driver module 21 drives the authentication device 30 in order to read the encrypted-file authentication information and the file control information stored in the authentication device 30. The file decryption module 22 performs an authentication comparison on the encrypted file 122 using the encrypted-file authentication information stored in the authentication device 30. When the comparison result is identical, the user can use the encrypted file 122, and the file control rule usage module 221 uses the encrypted file 122 according to the file control rules of the file control information stored in the authentication device 30; when the authentication comparison result differs, the monitoring device 2 prohibits use of the encrypted file 122. The file control rule usage module 221 uses and controls the encrypted file 122 according to the file control rules set on the control device 1. For example, the file control rule usage module 221 first checks whether the usage period has expired; if it has, then according to the settings of the file control rules it deletes the encrypted file 122 or prohibits use of the encrypted file 122, or displays an image indicating that the usage period has been exceeded.
In addition, when the encrypted file 122 has a secrecy level, the file decryption module 22 further uses the secrecy level information stored in the authentication device 30 to perform a confidential-information comparison on the encrypted file 122. When the comparison matches, the encrypted file 122 of that secrecy level is used; when the confidential-information comparison does not match, use of the encrypted file 122 of that secrecy level is prohibited.
In addition, the second processor 20 of the supervising device 2 further includes a file usage information recording module 23, a file control rule update module 24 and a second network connection module 25.
The file usage information recording module 23 records the name of the encrypted file 122, the time of each use of the encrypted file 122, the time the encrypted file 122 is closed and the number of times the encrypted file 122 has been used, to produce the file usage information. It sends the file usage information through the second network connection module 25 over the network 50 to the file control database of the server 40 for storage, and also stores the file usage information directly in the authentication device 30. If the supervising device 2 is not connected to the network 50, the file usage information only needs to be stored in the authentication device 30. The owner of the original file 121 can therefore learn how the encrypted file 122 has been used either by reading the file usage information in the file control database over the network 50 or by recovering the authentication device 30. Furthermore, the supervising device 2 includes a storage unit (not shown), and whether or not the supervising device 2 is connected to the network 50, the file usage information can additionally be stored in the storage unit of the supervising device 2. In other words, when the supervising device 2 is connected to the network 50, the file usage information recording module 23 can make a three-way record; when it is not connected to the network 50, the file usage information recording module 23 can make a two-way record and, once the supervising device 2 is connected to the network 50, send the usage record to the file control database of the server 40 for storage.
The file control rule update module 24 connects to the server 40 over the network 50 through the second network connection module 25 and compares the file control rules of the file control information in the file control database of the server 40 with the file control rules of the file control information in the authentication device 30. If they differ, the file control rules of the file control information in the authentication device 30 are updated to the file control rules of the file control information in the file control database of the server 40.
The authentication device 30 is selectively electrically connected to the control device 1 or the supervising device 2. The authentication device 30 is an electronic device capable of storing electronic data; it stores the encrypted-file authentication information and the file control information, and optionally stores the file usage information.
The server 40 is electrically connected to the control device 1 and includes a memory unit 41 and an operation information recording module 42. The memory unit 41 stores the file control database and the backup of the original file 121. Each time the control device 1 transmits file control information, or the supervising device 2 transmits file usage information, to the file control database, the operation information recording module 42 produces server operation information and stores it in the memory unit 41. In this preferred embodiment, the server operation information includes the user account, the time, and the file name corresponding to the transmitted data.
Referring to Fig. 3, the file management method of the present invention includes an encryption method and a decryption method. The control device 1 performs the encryption method, which includes the following steps:
Confirm a file control rule (S31);
Create file control information (S32);
Connect to a server 40 (S33);
Store the file control information in the server 40 (S34);
Back up an original file 121 to the server 40 (S35);
Produce an encrypted file 122 according to the original file 121 and encrypted-file authentication information (S36);
Confirm whether an authentication device 30 is successfully electrically connected (S37); if so, perform the next step; if not, confirm again whether the authentication device 30 is successfully electrically connected (S37); and
Store the encrypted-file authentication information and the file control information in the authentication device 30 (S38).
Referring to Fig. 4, the supervising device 2 performs the decryption method, which includes the following steps:
Confirm whether the authentication device 30 is successfully electrically connected (S40); if so, perform the next step; if not, confirm again whether the authentication device 30 is successfully electrically connected (S40);
Perform an authentication comparison on the encrypted file 122 using the encrypted-file authentication information stored in the authentication device 30 (S41); if the comparison matches, perform the next step; if not, end the decryption method; and
Use the encrypted file 122 according to the file control rule (S48), and store the file usage information in the authentication device 30 (S49).
The supervising device 2 further includes a storage unit (not shown). When the decryption method runs in an installation-free mode, it further includes the following steps:
Confirm whether there is a network connection (S42); if not, use the encrypted file 122 according to the file control rule (S48) and store the file usage information in the authentication device 30 (S49); if so, perform the next step;
Connect to the server 40 over the network (S43);
Check whether the file control rule needs to be updated (S44); if so, update the file control rule (S45) and perform the next step; if not, perform the next step directly;
Use the encrypted file 122 according to the file control rule (S46);
Store the file usage information in the server 40 and the authentication device 30 (S47).
When the decryption method runs in an installation mode, it further includes the following steps:
Confirm whether there is a network connection (S42); if not, use the encrypted file 122 according to the file control rule (S48) and store the file usage information in the authentication device 30 and the storage unit (S49); if so, perform the next step;
Connect to the server 40 over the network (S43);
Check whether the file control rule needs to be updated (S44); if so, update the file control rule (S45) and perform the next step; if not, perform the next step directly;
Use the encrypted file 122 according to the file control rule (S46);
Store the file usage information in the server 40, the authentication device 30 and the storage unit (S47).
For example, the installation-free mode means that the supervising device 2 uses the modules stored in the authentication device 30 to complete the above decryption method, while the installation mode means that the supervising device 2 uses the modules stored in the storage unit to complete the above decryption method.
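The decryption flow of steps S40 to S49, modelled as an added Python example that is not code from the patent. The SHA-256 fingerprint, the field names and the in-memory stand-ins for the authentication device 30, the server 40 and the storage unit are assumptions; the patent does not specify a fingerprint algorithm or a data layout.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Policy:
    """File control rule; the field names are hypothetical."""
    version: int
    expires_at: datetime   # usage period
    max_uses: int          # number of uses allowed


@dataclass
class AuthDevice:
    """Stand-in for the authentication device 30."""
    fingerprint: bytes     # encrypted-file authentication information (assumed SHA-256)
    policy: Policy
    usage_log: list = field(default_factory=list)


@dataclass
class Server:
    """Stand-in for the server 40 and its file control database."""
    policy: Policy
    usage_log: list = field(default_factory=list)


class AccessDenied(Exception):
    pass


def fingerprint(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def record_usage(record, device, server, local_store):
    """S47/S49: write the usage record to every reachable store."""
    device.usage_log.append(record)
    stores = 1
    if local_store is not None:          # installation mode: storage unit
        local_store.append(record)
        stores += 1
    if server is not None:               # online: also flush records held while offline
        for held in device.usage_log:
            if not held["uploaded"]:
                server.usage_log.append(held)
                held["uploaded"] = True
        stores += 1
    return stores


def open_encrypted_file(name, encrypted, device, server, local_store, now):
    """Run S40-S49. server=None models 'no network'; local_store=None
    models the installation-free mode. Returns (record, stores_written)."""
    if device is None:                                            # S40
        raise AccessDenied("authentication device not connected")
    # S41: constant-time comparison of the file against the stored fingerprint
    if not hmac.compare_digest(fingerprint(encrypted), device.fingerprint):
        raise AccessDenied("authentication comparison failed")
    if server is not None and server.policy != device.policy:    # S42-S45
        device.policy = server.policy                             # server copy wins
    policy = device.policy
    uses = sum(1 for r in device.usage_log if r["file"] == name)  # S46/S48
    if now >= policy.expires_at:                                  # expiry is checked first
        raise AccessDenied("usage period expired")
    if uses >= policy.max_uses:
        raise AccessDenied("use count exhausted")
    record = {"file": name, "opened": now.isoformat(),
              "use_no": uses + 1, "uploaded": False}
    return record, record_usage(record, device, server, local_store)


def demo():
    """Constructed sample data: two uses, then a stricter rule from the server."""
    expiry = datetime(2014, 2, 1, tzinfo=timezone.utc)
    now = datetime(2014, 1, 10, tzinfo=timezone.utc)
    blob = b"constructed ciphertext"
    device = AuthDevice(fingerprint(blob), Policy(1, expiry, 3))
    server = Server(Policy(1, expiry, 3))
    storage_unit = []
    outcomes = []
    # Offline, installation mode: two-way record (device + storage unit).
    outcomes.append(open_encrypted_file("plan.doc", blob, device, None, storage_unit, now)[1])
    # Online: three-way record, and the record held offline is uploaded.
    outcomes.append(open_encrypted_file("plan.doc", blob, device, server, storage_unit, now)[1])
    server.policy = Policy(2, expiry, 2)      # owner tightens the rule on the server
    try:
        open_encrypted_file("plan.doc", blob, device, server, storage_unit, now)
    except AccessDenied as exc:
        outcomes.append(str(exc))
    return outcomes, len(server.usage_log)


if __name__ == "__main__":
    print(demo())
```

The third call is refused because the rule update in S44/S45 runs before the rule is applied, so a limit tightened on the server takes effect on the next networked use even though the authentication device still held the older rule.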
Referring to Fig. 1, when the owner of the original file 121 wants to use the present invention to create an encrypted file 122, the file owner first enters the correct user account and password to log in to the control device 1 and sets the file control rules of the original file, from which the file control information is produced, to limit the user's rights to use the encrypted file 122. An encrypted file 122 is then produced according to the original file 121 and the encrypted-file authentication information, after which the encrypted-file authentication information and the file control information are stored in the authentication device 30. At the same time, the original file 121 is backed up to the server 40.
Next, the file owner either stores the encrypted file 122 on a portable media storage device, which is then electrically connected to the supervising device 2 so that the supervising device 2 reads the encrypted file 122 from the portable media storage device, or sends the encrypted file 122 to the supervising device 2 over the network 50.
Specifically, the file owner can deliver the authentication device 30, by mail or directly in person, to the user of the encrypted file 122 approved by the owner of the original file 121. The authentication device 30 is electrically connected to the supervising device 2, which drives it and reads the encrypted-file authentication information and the file control information stored in it. The encrypted file 122 is then authenticated against the encrypted-file authentication information and the secrecy level information stored in the authentication device 30. If the comparison matches, the user can use the encrypted file 122; if the authentication comparison does not match, the user cannot use the encrypted file 122. Furthermore, once the user is using the encrypted file 122, the supervising device 2 additionally controls the encrypted file 122 according to the file control information in the authentication device 30, for example by prohibiting the user from copying the encrypted file, adding a text or image watermark when the encrypted file is printed, or limiting the number of uses, the number of prints or the usage period of the encrypted file.
The present invention can also encrypt the original file 121 and send it directly to the user over the network 50; the encrypted file can only be used with the authentication device 30. Therefore, even if the encrypted file 122 is intercepted or stolen during transmission by a person with ulterior motives, the intercepted or stolen data cannot be used to learn the data in the encrypted file 122 without the authentication device 30. The authentication device 30 is sent to the user by other means (for example by post), so that the authentication device 30 holding the encrypted-file authentication information and the encrypted file 122 are sent to the user separately. Accordingly, the encrypted file 122 and the authentication device 30 holding the encrypted-file authentication information will not be intercepted or stolen at the same time, and stealing or intercepting only one of the encrypted file 122 and the authentication device 30 does not yield the information in the encrypted file 122. Sending the encrypted file 122 and the authentication device 30 separately therefore reduces the possibility of the data being stolen.
In addition, the present invention uses the file control rules stored in the authentication device 30 to control how the user uses the encrypted file 122, so that the encrypted file 122 cannot be copied or privately printed. The usage period, number of uses and number of prints of the encrypted file 122 can also be limited.
Because the present invention relies on a physical authentication device, if the authentication device held by an authorized person is lost, the authorized person will readily notice, which greatly reduces the chance of the file being stolen through human factors.
Of course, the present invention can have various other embodiments. Those skilled in the art can make various corresponding changes and modifications according to the present invention without departing from its spirit and essence, but all such changes and modifications shall fall within the protection scope of the appended claims of the present invention.
Claims (25)
1. A file management system, characterized in that it includes:
An authentication device, being an electronic device having a storage area;
A control device, including a first processor, the first processor producing an encrypted file according to an original file and encrypted-file authentication information, setting a file control rule, producing file control information according to a setting value of the file control rule, and storing the encrypted-file authentication information and the file control information in the authentication device;
A supervising device, including a second processor, the second processor reading the encrypted-file authentication information and the file control information in the authentication device, performing an authentication comparison on the encrypted file using the encrypted-file authentication information stored in the authentication device, using the encrypted file according to the file control rule of the file control information of the authentication device when the comparison matches, and prohibiting use of the encrypted file when it does not match; and
Wherein the authentication device is selectively electrically connected to the control device or the supervising device.
2. The file management system according to claim 1, characterized in that the first processor of the control device includes:
A file encryption module, for producing the encrypted file according to the original file and the encrypted-file authentication information, and storing the encrypted-file authentication information in the authentication device;
A control rule setting module, for setting the file control rule, producing the file control information according to the setting value of the file control rule, and storing the file control information in the authentication device.
3. The file management system according to claim 1 or 2, characterized in that the first processor of the control device further includes:
An authentication module, for confirming a user account and password, logging in to the control device when the user account and password are correct so that the modules in the control device can be used, and prohibiting login to the control device when the user account and password are incorrect.
4. The file management system according to claim 1 or 2, characterized in that the second processor of the supervising device includes:
An authentication device driver module, for driving the authentication device to read the encrypted-file authentication information and the file control information in the authentication device; and
A file decryption module, for performing an authentication comparison on the encrypted file using the encrypted-file authentication information stored in the authentication device, and prohibiting use of the encrypted file when the comparison does not match;
A file control rule enforcement module, for using the encrypted file according to the file control rule of the file control information of the authentication device when the comparison of the file decryption module matches.
5. The file management system according to claim 1 or 2, characterized in that the first processor of the control device further includes:
A secrecy level setting module, for creating secrecy level information in the encrypted-file authentication information.
6. The file management system according to claim 1 or 2, characterized in that it further includes:
A server, including a memory unit, the memory unit storing a file control database.
7. The file management system according to claim 6, characterized in that the first processor of the control device further includes:
A first network connection module, connected to the server over a network; and
An operation record recording module, for producing operation information and sending it through the first network connection module to the file control database of the server.
8. The file management system according to claim 7, characterized in that the operation information includes the user account, the operation time and the name of the recipient of the encrypted file.
9. The file management system according to claim 1 or 2, characterized in that the second processor of the supervising device further includes:
A file usage information recording module, for producing file usage information and storing the file usage information in the authentication device.
10. The file management system according to claim 9, characterized in that the supervising device further includes a storage unit, and the file usage information recording module of the second processor further stores the file usage information in the storage unit of the supervising device.
11. The file management system according to claim 6, characterized in that the second processor of the supervising device further includes:
A second network connection module, connected to the server over a network; and
A file usage information recording module, for producing file usage information and, through the second network connection module connected to the server over the network, storing the file usage information in the memory unit of the server.
12. The file management system according to claim 9, characterized in that the file usage information includes the name of the encrypted file, the time of each use of the encrypted file, the time the encrypted file is closed and the number of times the encrypted file has been used.
13. The file management system according to claim 9, characterized in that the first processor of the control device further includes:
A file usage information query module, for reading the file usage information in the authentication device.
14. The file management system according to claim 11, characterized in that the first processor of the control device further includes:
A file usage information query module, for reading the file usage information in the server.
15. The file management system according to claim 11, characterized in that the second processor of the supervising device further includes:
A file control rule update module, connected to the server over the network, for comparing whether the file control rule of the file control information in the file control database of the server is the same as the file control rule of the file control information in the authentication device and, if they differ, updating the file control rule of the file control information in the authentication device to the file control rule of the file control information in the file control database of the server.
16. The file management system according to claim 1 or 2, characterized in that the file control information includes the file user's name, the file name, the setting value of the file control rule, a link to the backup of the original file, the digital fingerprint of the original file, and the creation time of the file control information.
17. The file management system according to claim 1 or 2, characterized in that the file control rule includes:
When the file is printed, automatically adding a watermark to the print result;
When the file is used, automatically adding a watermark to the display result;
Prohibiting the use of screen capture or video recording functions to capture the file content;
Prohibiting copying or changing the file content; and
Prohibiting transmission of the file over a network.
18. The file management system according to claim 17, characterized in that the file control rule further includes:
Limiting the number of uses of the file;
Limiting the usage period of the file;
Limiting the time of each use of the file;
Limiting the total time the file is used;
Limiting the number of prints of the file;
Limiting the time the authentication device uses the file each time; and
Limiting the total time the authentication device uses the file.
19. The file management system according to claim 1, characterized in that the authentication device is a USB flash drive, an eSATA flash drive or a device with wireless communication capability.
20. The file management system according to claim 1, characterized in that the connection between the authentication device and the control device or the supervising device can be a USB interface, a SATA interface, an eSATA interface, an IEEE 1394 interface, a PCMCIA interface, a wireless communication interface or a serial port interface.
21. The file management system according to claim 1, characterized in that the encrypted-file authentication information includes the decryption information required to use the encrypted file and the file digital fingerprint required to control the encrypted file when it is used.
22. A file management method, including an encryption method and a decryption method;
Characterized in that the encryption method is performed by a control device and includes the following steps:
Confirm a file control rule;
Create file control information;
Produce an encrypted file according to an original file and encrypted-file authentication information;
Confirm whether an authentication device is successfully electrically connected; if so, perform the next step; if not, confirm again whether the authentication device is successfully electrically connected; and
Store the encrypted-file authentication information and the file control information in the authentication device;
Wherein the decryption method is performed by a supervising device and includes the following steps:
Confirm whether the authentication device is successfully electrically connected; if so, perform the next step; if not, confirm again whether the authentication device is successfully electrically connected;
Perform an authentication comparison on the encrypted file using the encrypted-file authentication information stored in the authentication device; if the comparison matches, perform the next step; if not, end the decryption method; and
Use the encrypted file according to the file control rule, and store file usage information in the authentication device.
23. The file management method according to claim 22, characterized in that the encryption method further includes the following steps:
Connect to a server;
Store the file control information in the server; and
Back up the original file to the server.
24. The file management method according to claim 22, characterized in that the decryption method further includes the following steps:
Confirm whether there is a network connection; if not, and in an installation-free mode, use the encrypted file according to the file control rule and store the file usage information in the authentication device; if so, perform the next step;
In the installation-free mode, connect to a server over the network;
Check whether a file control rule needs to be updated; if so, update the file control rule and perform the next step; if not, perform the next step directly;
Use the encrypted file according to the file control rule; and
Store file usage information in the server and the authentication device.
25. The file management method according to claim 22, characterized in that the decryption method further includes the following steps:
Confirm whether there is a network connection; if not, and in an installation mode, use the encrypted file according to the file control rule and store the file usage information in the authentication device and a storage unit; if so, perform the next step;
In the installation mode, connect to a server over the network;
Check whether a file control rule needs to be updated; if so, update the file control rule and perform the next step; if not, perform the next step directly;
Use the encrypted file according to the file control rule; and
Store file usage information in the server, the authentication device and the storage unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310744023.9A CN103761455B (en) | 2013-12-24 | 2013-12-24 | File management system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103761455A CN103761455A (en) | 2014-04-30 |
CN103761455B true CN103761455B (en) | 2017-04-12 |
Family
ID=50528691
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310744023.9A Active CN103761455B (en) | 2013-12-24 | 2013-12-24 | File management system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103761455B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104573550A (en) * | 2014-12-27 | 2015-04-29 | 小米科技有限责任公司 | Method and device for protecting data |
CN109460963A (en) * | 2018-09-26 | 2019-03-12 | 平安国际融资租赁有限公司 | Electronic signature method, apparatus, computer equipment and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101170554A (en) * | 2007-09-04 | 2008-04-30 | 诸凤璋 | Message safety transfer system |
CN102185695A (en) * | 2009-12-22 | 2011-09-14 | 谷电机工业株式会社 | Information management system, information management method and apparatus, and encryption method and program |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201205331A (en) * | 2010-07-28 | 2012-02-01 | Atp Electronics Taiwan Inc | Data secure system, method of storing and reading data |
Also Published As
Publication number | Publication date |
---|---|
CN103761455A (en) | 2014-04-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |